added a new vmctx which removes calc_jmp and such

3 years ago · 2e7281f900
parent 5e0e7ab06b
commit 2e7281f900
4 changed files with 65 additions and 1 deletions
--- a/.gitignore
+++ b/.gitignore
@ -4,4 +4,5 @@ build*/
 out/
 .vs/
 .cache/
-*.exe
+*.exe
 *.o
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -78,7 +78,9 @@ list(APPEND vmprofiler_SOURCES
 	"dependencies/vmprofiler/include/vmprofiles.hpp"
 	"dependencies/vmprofiler/include/vmutils.hpp"
 	"dependencies/vmprofiler/include/scn.hpp"
 	"src/vmctx.cpp"
 	"src/vmlocate.cpp"
 	"include/vmctx.hpp"
 	"include/vmlocate.hpp"
 	"include/vmprofiler.hpp"
 )
--- a/include/vmctx.hpp
+++ b/include/vmctx.hpp
@ -0,0 +1,42 @@
 #pragma once
 #include <transform.hpp>
 #include <vmp2.hpp>
 namespace vm {
 /// <summary>
 /// vm::ctx_t class is used to auto generate vm_entry, calc_jmp, and other
 /// per-vm entry information... creating a vm::ctx_t object can make it easier
 /// to pass around information pertaining to a given vm entry...
 /// </summary>
 class ctx_t {
 public:
  /// <summary>
  /// default constructor for vm::ctx_t... all information for a given vm entry
  /// must be provided...
  /// </summary>
  /// <param name="module_base">the linear virtual address of the module
  /// base...</param> <param name="image_base">image base from optional nt
  /// header... <a
  /// href="https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-image_optional_header64">IMAGE_OPTIONAL_HEADER64</a>...</param>
  /// <param name="image_size">image size from optional nt header... <a
  /// href="https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-image_optional_header64">IMAGE_OPTIONAL_HEADER64</a>...</param>
  /// <param name="vm_entry_rva">relative virtual address from the module base
  /// address to the first push prior to a vm entry...</param>
  explicit ctx_t(std::uintptr_t module_base, std::uintptr_t image_base,
                 std::uintptr_t image_size, std::uintptr_t vm_entry_rva);
  /// <summary>
  /// init all per-vm entry data such as vm_entry, calc_jmp, and vm handlers...
  /// </summary>
  /// <returns>returns true if no errors...</returns>
  bool init();
  const std::uintptr_t module_base, image_base, vm_entry_rva, image_size;
  /// <summary>
  /// the order in which VIP advances...
  /// </summary>
  vmp2::exec_type_t exec_type;
  zydis_routine_t vm_entry;
 };
 }  // namespace vm
--- a/src/vmctx.cpp
+++ b/src/vmctx.cpp
@ -0,0 +1,19 @@
 #include <vmctx.hpp>
 namespace vm
 {
    ctx_t::ctx_t( std::uintptr_t module_base, std::uintptr_t image_base, std::uintptr_t image_size,
                  std::uintptr_t vm_entry_rva )
        : module_base( module_base ), image_base( image_base ), image_size( image_size ), vm_entry_rva( vm_entry_rva )
    {
    }
    bool ctx_t::init()
    {
        if ( !vm::util::flatten( vm_entry, vm_entry_rva + module_base ) )
            return false;
        vm::util::deobfuscate( vm_entry );
        return true;
    }
 } // namespace vm
 out/
 .vs/
 .cache/
 *.exe
+*.o